[Freeipa-devel] [PATCH] 885 optimize indirect member calculation
Rob Crittenden
rcritten at redhat.com
Thu Oct 6 12:48:36 UTC 2011
Alexander Bokovoy wrote:
> On Wed, 05 Oct 2011, Rob Crittenden wrote:
>> When calculating indirect membership of a group all members are
>> examined and if those have members, those are added as well. This
>> does not need to be done when the member in question is a user or a
>> host as they cannot have members.
>>
>> For large groups this is a significant performance improvement (as
>> well as reducing unnecessary load on 389-ds).
> Works for me. However, shouldn't we expand this to all terminal
> objects rather than users and hosts?
>
> Something like attached patch? The containers list should be sorted by
> probability of encountering the container in real life, with users and
> hosts to be at the beginning.
Most of these cannot be a member of other things, the exception being
hbacservice. Since this is limited to pam services I was going on the
assumption that this would be a fairly small number so even if we did a
couple of extra searches now and then there would be little downside, it
can't be nested.
rob
More information about the Freeipa-devel
mailing list